The 'rsyslog' daemon should not accept remote messages unless the system acts as a log server. If the system needs to act as a central log server, add the following lines to '/etc/rsyslog.conf' to enable reception of messages over UDP: $ModLoad imudp $UDPServerRun 514 [enable_rsyslog_to_accept_messages/disable_accepting_message_via_udp] Many devices, such as switches, routers, and other Unix-like systems, may only support the traditional syslog transmission over UDP. If the system must act as a log server, this enables it to receive their messages as well. oval:org.secpod.oval:def:48864 oval:org.secpod.oval:def:48257 SCAP Repo OVAL Definition 2018-11-08